* ksud: Address pagefault in ksu_handle_execveat_ksud
As pointed out by @backslashxx, when strncpy pagefaults, it causes
the first_arg to be completely NULL in some systems. This causes
second_stage initialization to fail hence causing SU to be
non-functional.
This patch copies ksu_strncpy_from_user_retry from @backslashxx's
commit:
e2fe25e485
This adds a fallback to perform a normal strncpy_from_user when nofault
fails which allows us to get the first_arg in such cases.
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: Edrick Sinsuan <evcsinsuan@gmail.com>
* Revert "ksud: Add second_stage init variant (#653)"
This reverts commit c6b60a24e8.
---------
Signed-off-by: Edrick Sinsuan <evcsinsuan@gmail.com>
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Cherry pick from 8bb9518060a4a7db7f40
Backporting is cool, but not everyone has the skills for it.
This commit does NOT make it required, but it will allow the compiler
to use what's in-kernel if it exists.
The following are backportable:
- kernel_read / kernel_write
  < 4.14, backport chain, tested on 4.9
  e13ec939e9bdd1d2d3d2c41fbad015ac452acae1
- strncpy_from_user_nofault
  for 5.4, apply: bd88bb5d40
  for 4.x, apply: 424e21f3b0
  for any failures, just SKIP THIS or check the dependency chain of 3d7081822f
  this got backported to v4.4.236, v4.9.236, v4.14.197, v4.19.144
- hint: `curl $url.patch | git am`
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Useful for situations where the SU allowlist is not kept after a reboot.
As per upstream this is only used for < 4.10 and Huawei HiSilicon devices,
but there are user reports of issues even on 4.14/4.19 Samsung kernels.
Expose this option so affected users can opt in.
Discussion:
tiann#1249
tiann#1346
References:
tiann@f57d351
tiann@b61cb30
Credits to respective authors:
rhjdvsgsgks
ExtremeXT
Use huawei_hisi_check.h to determine whether it is an old Huawei
HiSilicon device.
Solve:
1. Compatible with non-GKI Huawei HiSilicon devices
2. Solve different bugs in EMUI of different system versions
3. Does not affect other devices
input-event-codes.h:
Input: add input-event-codes header file
(f902dd8934)
This was in 4.4-rc, so 4.4.0 or above has it; older kernels do not.
aio.h:
fs: move struct kiocb to fs.h
(e2e40f2c1e)
Below this version, we need to explicitly include aio.h for struct kiocb.
This was in 4.1-rc, so 4.0 or below should do the include.
uaccess.h and sched.h have been present for a long time, but 4.10 split
sched.h out into include/sched/, and the current ifdef does not include
uaccess.h for versions lower than 4.4. Fix it.
Basic support for the case where init_task.mnt_ns != zygote.mnt_ns (WSA):
just copy the nsproxy and fs pointers to solve #276.
Note that the copy in `apk_sign.c` is not required but is suggested for
security (it ensures the checked mnt_ns is the namespace Android is running
in, not one created by the user, although many distributions do not have
user namespaces).
Tested with latest release on Win10 19045.3086(with WSAPatch).
Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.
Hi @tiann.
Thanks for the great project, I had great fun playing around with it.
This PR mainly tries to further minimize the possible delays caused by
KernelSU hooking.
There are 3 major changes:
- Processes with 0 < UID < 2000 are blocked straight-up before going
through the allow_list.
I don't see any need for such processes to be interested in root, and
this allows returning early before going through a more expensive
lookup.
If there's an expected breakage due to this change, I'll remove it. Let
me know.
- A page-sized (4K) bitmap is added.
This allows O(1) lookup for UID <= 32767.
This speeds up `ksu_is_allow_uid()` by about 4.8x by sacrificing 4K of
memory. IMHO, a good trade-off.
Most notably, this reduces the 99.999% result previously from worrying
milliseconds scale to microseconds scale.
For UID > 32767, another page-sized (4K) sequential array is used to
cache allow_list.
Compared to the previous PR #557, this new approach gives another nice
25% performance boost on average, and a 63-96% boost in worst cases.
Benchmark results are available at
https://docs.google.com/spreadsheets/d/1w_tO1zRLPNMFRer49pL1TQfL6ndEhilRrDU1XFIcWXY/edit?usp=sharing
Thanks!
---------
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
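A user-space model of the lookup structure this PR describes (an added example, not KernelSU's code): a page-sized bitmap giving O(1) membership for UIDs up to 32767, a page-sized sequential array caching UIDs above that, and the early rejection of 0 < UID < 2000 before any lookup. `ksu_is_allow_uid()` is the name the PR mentions; `ksu_allow_reset`, `ksu_allow_add`, the 4096-byte page size and the sample UIDs in `main()` are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of the allow-list lookup described in the
 * PR text above; not KernelSU's code. Page size assumed to be 4096 bytes. */
#define PAGE_SIZE_BYTES 4096u
#define BITMAP_UID_MAX  (PAGE_SIZE_BYTES * 8u - 1u)          /* 32767 */
#define ARRAY_CAP       (PAGE_SIZE_BYTES / sizeof(uint32_t))  /* 1024 entries */

static uint8_t  allow_bitmap[PAGE_SIZE_BYTES];   /* one bit per UID 0..32767 */
static uint32_t allow_array[ARRAY_CAP];          /* UIDs > 32767, unsorted */
static size_t   allow_array_len;

void ksu_allow_reset(void)
{
    memset(allow_bitmap, 0, sizeof allow_bitmap);
    allow_array_len = 0;
}

/* Records a UID in the bitmap or, for large UIDs, in the overflow array.
 * Returns false only when the overflow array has no room left. */
bool ksu_allow_add(uint32_t uid)
{
    if (uid <= BITMAP_UID_MAX) {
        allow_bitmap[uid / 8u] |= (uint8_t)(1u << (uid % 8u));
        return true;
    }
    for (size_t i = 0; i < allow_array_len; i++)
        if (allow_array[i] == uid)
            return true;          /* already cached, nothing to do */
    if (allow_array_len == ARRAY_CAP)
        return false;             /* page-sized cache is full */
    allow_array[allow_array_len++] = uid;
    return true;
}

/* O(1) for the bitmap range; linear scan of the small array above it. */
bool ksu_is_allow_uid(uint32_t uid)
{
    /* Early reject: system UIDs 1..1999 are blocked before any lookup. */
    if (uid > 0 && uid < 2000)
        return false;
    if (uid <= BITMAP_UID_MAX)
        return (allow_bitmap[uid / 8u] >> (uid % 8u)) & 1u;
    for (size_t i = 0; i < allow_array_len; i++)
        if (allow_array[i] == uid)
            return true;
    return false;
}

int main(void)
{
    ksu_allow_reset();
    ksu_allow_add(10123);   /* constructed sample: an app UID in the bitmap range */
    ksu_allow_add(1000);    /* constructed sample: system UID, rejected regardless */
    ksu_allow_add(1010123); /* constructed sample: secondary-user app UID, > 32767 */
    printf("10123 -> %d, 1000 -> %d, 1010123 -> %d, 10124 -> %d\n",
           ksu_is_allow_uid(10123), ksu_is_allow_uid(1000),
           ksu_is_allow_uid(1010123), ksu_is_allow_uid(10124));
    return 0;
}
```

The early-reject branch means a UID in the 1..1999 range returns false even if it was added, which is the trade-off the PR describes; anything added to the overflow array costs a linear scan, bounded by the 1024 entries a page holds.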
On older kernels, kworker is missing the keyring from the init process, and
this keyring is related to FBE, which causes filp_open to return ENOKEY or
other errors. To fix this, just install init's keyring into each kworker.
This works on kernels 4.4 and 4.9.